feat(vrouter): SNMP configuration vyos/vyatta

docs/apps.md

@@ -39,7 +39,7 @@ spec:
           metadata:
             ipsec:
               - local: 10.0.10.2
-                remote 10.0.40.2
+                remote: 10.0.40.2
                 peer: rtr2
                 tunnels:
                   - local: 192.168.10.0/24
@@ -83,9 +83,33 @@ spec:
                 dnsServers:
                   - 192.168.0.254
                 staticAssignments:
-                  00:00:00:00:00:BB: 192.168.0.50
+                  "00:00:00:00:00:BB": 192.168.0.50
             dns:
-              1.2.3.4: foo.com
+              "1.2.3.4": foo.com
+            snmp:
+              system_name: edge-router-01
+              location: "Lab A, Rack 2, U 24"
+              contact: "[email protected]"
+              communities:
+                - name: readonly-community
+                  authorization: ro
+                  clients:
+                    - 10.0.1.10
+                    - 10.0.2.0/24
+                  view: restricted
+                  trap_targets:
+                    - 10.0.50.5
+                  views:
+                    - name: restricted
+                      entries:
+                        - oid: 1.3.6.1.2.1.1
+                          permission: included
+                        - oid: 1.3.6.1.2.1.2
+                          permission: included
+                - name: readwrite-community
+                  authorization: rw
+                  clients:
+                    - 10.0.1.11
             snat:
               - interface: eth0
                 srcAddr: 192.168.0.0/24
@@ -197,6 +221,36 @@ spec:
 
 * `dns`: if present, map of IP-to-domain DNS entries to create on the router.
 
+* `snmp`: if present, SNMP is configured on the router.
+
+    * `system_name`: a string describing the system.
+
+    * `location`: a string for the system's physical location.
+
+    * `contact`: a string for the system's contact information.
+
+    * `communities`: a list of SNMP communities to configure.
+
+        * `name`: the community string/name. This is required.
+
+        * `authorization`: the authorization level for the community. Can be `ro` (read-only) or `rw` (read-write). Defaults to `ro` if not specified.
+
+        * `clients`: a list of client IP addresses or CIDR ranges that are allowed to use this community.
+
+        * `view`: the name of a view to associate with this community, restricting the OIDs that can be accessed.
+
+        * `trap_targets`: a list of IP addresses to send SNMP traps to.
+
+        * `views`: a list of view definitions.
+
+            * `name`: the name of the view, which can be referenced by a community's `view` property.
+
+            * `entries`: a list of OID entries for the view.
+
+                * `oid`: the MIB OID tree to include or exclude.
+
+                * `permission`: set to `included` or `excluded`. Both `oid` and `permission` are required for an entry to be valid.
+
 * `emulators`: if present, a list of network emulator traffic policies to apply
   to one or more interfaces on egress. For each emulator in the list, only the
   `name` key is required, though the traffic policy will not get applied if
@@ -233,7 +287,7 @@ spec:
     rules are actually applied to packets "egressing out of" interface `eth0`.
 
 !!! note
-    Currently, the `ipsec`, `emulators`, and `snat`/`dnat` metadata sections only
+    Currently, the `ipsec`, `emulators`, `snmp`, and `snat`/`dnat` metadata sections only
     apply to Vyatta/VyOS routers.
 
 !!! note